The invention relates generally to telecommunications access control systems and more particularly, to a system and method whereby a virtual private switched telecommunications network is autonomously constructed between at least two in-line devices.
Historically, government and business entities could be reasonably confident that their sensitive information communicated by telephone, fax, or modem was confidential, and that no one would monitor or eavesdrop on their plans and strategies. This is no longer true. In the past several years, as interception and penetration technologies have multiplied, information assets have become increasingly vulnerable to interception while in transit between the intended parties.
A wide range of communications, from those concerning military, government, and law enforcement actions, to contract negotiations, legal actions, and personnel issues all require confidentiality; as do communications concerning new-product development, strategic planning, financial transactions, or any other competition-sensitive matter. These confidential matters often require exchanges via telephone, facsimile (fax), Video TeleConference (VTC), data (modem) transmission, and other electronic communication. As businesses depend on their communications systems more and more, those systems are delivering an ever-increasing volume of information, much of which is proprietary and extremely valuable to competitors.
The increasing prevalence of digital communications systems has led to the widespread use of digital encryption systems by governments and enterprises concerned with communications security. These systems have taken several forms, from data Virtual Private Networks (VPN), to secure voice/data terminals.
As used herein, the following terms carry the connotations described below:
Data VPN is understood to refer to a shared or public packet data network wherein privacy and security issues are mitigated through the use of a combination of authentication, encryption, and tunneling.
Tunneling is understood to refer to provision of a secure, temporary path over an Internet Protocol (IP)-based network by encapsulating encrypted data inside an IP packet for secure transmission across an inherently insecure IP network, such as the Internet.
Secure is understood to refer to the use of combinations of encapsulation, compression and encryption to provide telecommunications privacy and security between two devices across an untrusted network, or the result thereof.
Telephony Appliance is understood to refer to a component of the present invention; specifically an in-line device installed on a DS-1 circuit in a telephone network and including means for controlling inbound and outbound calls by determining attributes of the call and performing actions on the call, including allowing, denying, and conducting select calls in secure mode, all pursuant to the security policy and based on at least one attribute of the call.
Communications and computer systems move massive amounts of information quickly and routinely. Enterprises are communicating using voice, fax, data, and video across the untrusted Public Switched Telephone Network (PSTN). Unfortunately, whereas a data VPN uses encryption and tunneling to protect information traveling over the Internet, a data VPN is not designed to protect voice, fax, modem, and video calls over the untrusted PSTN.
Although IP-based VPN technology is automated and widely available, solutions for creating safe tunnels through the PSTN are primarily manual, requiring user participation at both ends to make a call secure. This is the case with the use of secure voice/data terminals, such as Secure Telephone Units (STU-IIIs), Secure Telephone Equipment (STE), and hand-held telephony encryption devices.
Secure voice/data terminals effectively protect sensitive voice and data calls. However, their design and typical deployment can be self-defeating. For example, to enter a secure mode on a STU-III or STE device, both call parties must retrieve a physical encryption key from a safe storage location and insert the key into their individual STU-III or STE device each time a call is placed or received. Also, STU-III and STE devices are expensive, so they are typically located at a special or central location within a department or work center, but not at each work station.
The inconvenience, frustration, and poor voice quality of using manually activated secure voice/data terminals can motivate individuals to "talk around" the sensitive material on non-secure phones. Use of secure voice/data terminals for the communication of sensitive information can be mandated by policy, but there is currently no way to properly enforce such a requirement.
Additionally, secure voice/data terminals secure only one end-user station per device. Since they are point-to-point devices, secure voice/data terminals cannot protect the vast majority of calls occurring between users who do not have access to the equipment. And although there may be policies that specifically prohibit it, sensitive material can be inadvertently discussed on non-secure phones and thereby distributed across the untrusted PSTN.
Secure voice/data terminals cannot implement an enterprise-wide, multi-tiered policy-based enforcement of a corporate security policy, establishing a basic security structure across an enterprise, dictated from the top of the tier downward. Neither can secure voice/data terminals implement an enterprise-wide, multi-tiered policy-based enforcement of selective event logging and consolidated reporting to be relayed up the tier.
Lastly, secure voice/data terminals cannot provide call event logs detailing information about secure calls. Therefore, a consolidated detailed or summary report of a plurality of call event logs cannot be produced for use by security personnel and management in assessing the organization's security posture.
Clearly, there is a need for a system and method to provide secure access across the untrusted PSTN through telephony resources that can be initiated by a security policy defining actions to be performed based upon at least one attribute of the call, providing multi-tiered policy-based enforcement capabilities and visibility into security events.
A system and method to provide secure access across the untrusted PSTN is described, hereafter to be referred to as Virtual Private Switched Telecommunications Network (VPSTN). The VPSTN creates a virtual private network (i.e., "secures" telecommunications), across a public untrusted network between two in-line devices by encrypting calls in accordance with a security policy. The security policy defines actions to be performed based upon at least one attribute of the call. The present invention also provides multi-tiered policy-based enforcement capabilities as well as multi-tiered policy-based security event notification capabilities.
Some primary advantages of the disclosed system and method are: (1) secure transport of voice, fax, modem, and VTC calls across the PSTN; (2) automatic discovery of called and calling party's capability to support secured communications; (3) automatic discovery of a digital DS-0 channel's line impairments and capability to support secured communications; (4) automatic detection that a received DS-0 TDM serial stream is VPSTN-compatible; (5) provision of secured communications operating at 64 Kbps, with automatic disabling of secured communications responsive to detection of a call's request for the full 64 Kbps; (6) automatic compression and decompression of the payload portion of the call when providing secured communications on circuits operating at 56 Kbps or slower; (7) operator-transparency, i.e., neither call party is required to take any specific actions in order to initiate or conduct secure communications; (8) provision of secured communication for multiple end-user stations per device (i.e., secured communication is provided for all calls routed on trunks on which the device is deployed); (9) implementation and enforcement of a security policy designating all inbound and outbound calls are automatically conducted in secure mode whenever possible; (10) implementation and enforcement of a security policy designating that select calls are conducted in secure mode based on one or more designated attributes of the call; (11) implementation and enforcement of a security policy designating that select calls are allowed or denied and other designated actions are performed responsive to the success or failure to conduct a call in secure mode; (12) creation of a VoIP-compatible packet from the data contained in the TDM serial stream; (13) encapsulation of a VoIP-compatible packet to support transport over the synchronous time division multiplexed PSTN network; (14) seamless interchange of VoIP-compatible packets over packet networks to support applications such as secure VoIP; (15) automatic synchronization of packets from one or more diverse remote VPSTN-compatible systems; (16) implementation and enforcement of a security policy designating that select calls are allowed or denied and other designated actions are performed based on one or more designated attributes of the call; (17) implementation and enforcement of a basic security structure and policy across an enterprise, dictated from the top of the tier downward; and (18) implementation and enforcement of an enterprise-wide policy of selective event logging and consolidated reporting to be relayed up the tier.
Some secondary advantages of the disclosed system and method are: (1) policy-based selection of static secret session keys, key exchange mechanisms, and encryption algorithms based on one or more designated attributes of the call; (2) secured communications transparent to the transcoding within the PSTN; (3) automatic compensation when transcoding occurs within the PSTN during secure transport; (4) audible feedback to the calling or called parties indicating the secure state of the call; (5) a message channel transported separate from and concurrent with the secured payload portion of the call; (6) the message channel stays active throughout the duration of the call; (7) secure communications can be initiated or discontinued while the call is in progress; (8) automatic generation and exchange of new keys for each session; (9) automatic disabling of secured communications responsive to detection of designated call-type; and (10) secured transport adds minimal latency to the call with voice quality comparable to toll quality, i.e., the quality of an uncompressed pulse code modulated digital signal level-0 channel at 64,000 bps.
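The following is an added illustration, not code from the patent or from any product it describes, of how an in-line device of the kind summarized above could evaluate its security policy: a rule table keyed on call attributes (direction, calling and called number, call type) yields allow, deny, or "conduct in secure mode", with the peer's secure capability, the usable DS-0 rate, and a request for the full 64 Kbps deciding whether secure mode is actually established, and with a designated fallback action when it is not (primary advantages 5, 6, 9 through 11 and 16). Each decision is emitted as a JSON event line of the sort a consolidated report would roll up (advantage 18). The rule fields, attribute names, sample numbers and log layout are all assumptions made for this example; a real appliance would obtain the attributes from signalling and from the discovery steps the text describes.

```python
# Added example: policy-driven call handling in the style of the VPSTN
# Telephony Appliance. Rule schema, attribute names, sample numbers and the
# event format are assumptions for illustration, not the patent's own design.
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum
from fnmatch import fnmatch
from typing import Optional
import json


class Action(Enum):
    ALLOW = "allow"    # pass the call in the clear
    DENY = "deny"      # tear the call down
    SECURE = "secure"  # conduct the call in secure mode when the peer can


class CallType(Enum):
    VOICE = "voice"
    FAX = "fax"
    MODEM = "modem"
    VTC = "vtc"


@dataclass(frozen=True)
class Call:
    """Attributes the appliance would learn from signalling and discovery."""
    direction: str               # "inbound" or "outbound"
    calling: str
    called: str
    call_type: CallType
    peer_secure_capable: bool    # result of called/calling-party discovery
    channel_rate_bps: int        # usable DS-0 rate after impairment discovery
    wants_full_64k: bool = False  # call needs all 64 Kbps, so secure mode is disabled


@dataclass(frozen=True)
class Rule:
    name: str
    action: Action
    on_secure_failure: Action = Action.DENY  # applied when secure mode cannot be set up
    direction: Optional[str] = None          # None matches both directions
    calling: str = "*"                       # shell-style number patterns
    called: str = "*"
    call_types: frozenset = frozenset(CallType)

    def matches(self, call: Call) -> bool:
        return (self.direction in (None, call.direction)
                and fnmatch(call.calling, self.calling)
                and fnmatch(call.called, self.called)
                and call.call_type in self.call_types)


@dataclass(frozen=True)
class Decision:
    rule: str
    action: Action          # final ALLOW or DENY
    secure: bool            # payload encrypted between the two appliances
    compress_payload: bool  # required when the circuit carries less than 64 Kbps


def enforce(policy: list[Rule], call: Call, default: Action = Action.DENY) -> Decision:
    """First matching rule wins; an unmatched call receives the default action."""
    rule = next((r for r in policy if r.matches(call)), None)
    name = rule.name if rule else "default"
    action = rule.action if rule else default
    secure = compress = False
    if action is Action.SECURE:
        if call.peer_secure_capable and not call.wants_full_64k:
            secure = True
            compress = call.channel_rate_bps < 64_000   # advantage (6)
            action = Action.ALLOW
        else:
            action = rule.on_secure_failure              # advantage (11)
    return Decision(name, action, secure, compress)


def log_event(decision: Decision, call: Call) -> str:
    """One JSON event line, the unit a consolidated tier report would aggregate."""
    record = {"rule": decision.rule, "action": decision.action.value,
              "secure": decision.secure, "compressed": decision.compress_payload,
              "direction": call.direction, "calling": call.calling,
              "called": call.called, "type": call.call_type.value}
    return json.dumps(record, sort_keys=True)


# Constructed sample policy: secure every call to the partner site or deny it,
# secure any modem call or deny it, and let other outbound voice calls through.
POLICY = [
    Rule("partner-site", Action.SECURE, on_secure_failure=Action.DENY, called="+1555*"),
    Rule("modem-secure-or-deny", Action.SECURE, call_types=frozenset({CallType.MODEM})),
    Rule("voice-out", Action.ALLOW, direction="outbound", call_types=frozenset({CallType.VOICE})),
]


def demo() -> list[Decision]:
    # Constructed sample calls (numbers are fictitious).
    calls = [
        Call("outbound", "+12025550100", "+15551230000", CallType.VOICE, True, 56_000),
        Call("outbound", "+12025550100", "+15551230000", CallType.FAX, False, 64_000),
        Call("inbound", "+13105550199", "+12025550100", CallType.MODEM, True, 64_000, wants_full_64k=True),
        Call("outbound", "+12025550100", "+14155550123", CallType.VOICE, False, 64_000),
        Call("inbound", "+14155550123", "+12025550100", CallType.VTC, False, 64_000),
    ]
    decisions = [enforce(POLICY, c) for c in calls]
    for d, c in zip(decisions, calls):
        print(log_event(d, c))
    return decisions


if __name__ == "__main__":
    demo()
```

Running the block prints one event per sample call: the 56 Kbps voice call to the partner site is secured with payload compression, the fax to the same site is denied because the far end cannot secure, the modem call that needs the full 64 Kbps has secure mode disabled and falls to the rule's failure action, the ordinary outbound voice call passes in the clear, and the unmatched inbound VTC call receives the default deny. A deny-by-default final rule is the choice a security engineer would normally make for an in-line enforcement point so that an unanticipated call type is logged rather than silently passed.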